spawn/.github/workflows/lint.yml

name: Lint

on:
  push:
    branches: [ main, master ]
  pull_request:
    branches: [ main, master ]

jobs:
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4

      - name: Install ShellCheck
        run: |
          # Pin shellcheck v0.10.0 for reproducible CI — verifies SHA256 before install
          SHELLCHECK_VERSION="0.10.0"
          SHELLCHECK_SHA256="6c881ab0698e4e6ea235245f22832860544f17ba386442fe7e9d629f8cbedf87"
          TARBALL="shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz"
          curl -sSL "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/${TARBALL}" -o /tmp/${TARBALL}
          echo "${SHELLCHECK_SHA256}  /tmp/${TARBALL}" | sha256sum -c
          tar -xJf "/tmp/${TARBALL}" -C /tmp "shellcheck-v${SHELLCHECK_VERSION}/shellcheck"
          sudo mv "/tmp/shellcheck-v${SHELLCHECK_VERSION}/shellcheck" /usr/local/bin/shellcheck

      - name: Run ShellCheck on all bash scripts
        run: |
          # Find all .sh files, excluding node_modules and other irrelevant directories
          # Note: Using || true temporarily - 3,598 existing warnings need gradual fixes
          find . -name "*.sh" \
            ! -path "*/node_modules/*" \
            ! -path "*/.git/*" \
            ! -path "*/dist/*" \
            ! -path "*/build/*" \
            -print0 | xargs -0 shellcheck || true

      - name: ShellCheck version info
        if: always()
        run: shellcheck --version

  biome:
    name: Biome Lint
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6  # v2

      - name: Install dependencies
        run: bun install

      - name: Run Biome check (all packages)
        run: bunx @biomejs/biome check packages/cli/src/ packages/shared/src/ .claude/scripts/ .claude/skills/setup-spa/

  macos-compat:
    name: macOS Compatibility
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4

      - name: Run macOS compat linter
        run: bash sh/test/macos-compat.sh